Spring Boot REST APIs SSO issue

We are using camunda-bpm-spring-boot-starter and have managed to configure SSO via an external identity provider (IdP).
We are able to successfully deploy a process and start an instance of it using REST APIs.
Every new task creation creates an authorization in the DB for that task based on the task’s assignee.
But in our case, Camunda is not able to filter out users based on this authorization, and it allows any user to complete any other user’s task. After looking at the ProcessEngineAuthenticationFilter plugin, we are adding the authentication to the REST API via this:

EngineUtil.lookupProcessEngine(DEFAULT_PROCESS_ENGINE_NAME)
    .getIdentityService()
    .setAuthentication(accessToken.getPreferredUsername(),
        ((ArrayList<String>) accessToken.getOtherClaims().get(DEFAULT_GROUP_CLAIM_ID)));

Are we missing something?

Hi @AjayVerma,

this issue could be related to the thread. Can you confirm it?

Best regards,
Philipp

Hi, it’s definitely the same issue. You can get it to work as I did; however, somebody could confirm if it’s a bug or a feature, and if it’s a bug, then an incident should be created.

Hi, @Philipp_Ossler @tomorrow

Thanks for your suggestion. It worked.

Regards,
Ajay